PHP Idp Sample :
- form for creating metadata - sso support - small README with installation instructions
This commit is contained in:
parent
aab4db8ebc
commit
7acad8e5e7
|
@ -1 +1,27 @@
|
|||
TODO ;0)
|
||||
Lasso PHP Identity Provider Exemple
|
||||
----------------------------------
|
||||
|
||||
SOFTWARE
|
||||
This directory include a Liberty Alliance Identity Provider written in PHP
|
||||
with the Lasso extension.
|
||||
|
||||
INSTALLATION
|
||||
You need the fallowing components :
|
||||
- The Apache Web Server with PHP4 version 4.3 with OpenSSL support enabled
|
||||
- The Lasso Extension for PHP
|
||||
- The PostgreSQL database server
|
||||
- PHP Pear modules : DB, HTML_QuickForm
|
||||
|
||||
Under Debian GNU/Linux you can install thoses package with apt-get or aptitude:
|
||||
apache, php4, php4-lasso, postgresql, pear.
|
||||
|
||||
You can download pear modules with the pear commande :
|
||||
|
||||
# pear install DB HTML_Common HTML_Form HTML_QuickForm
|
||||
|
||||
CONFIGURATION
|
||||
For the Apache web server you need to add in the httpd.conf file:
|
||||
|
||||
RewriteEngine on
|
||||
RewriteRule ^/(soapEndpoint|singleSignOn)(.*)$ /$1.php$2
|
||||
|
||||
|
|
|
@ -31,12 +31,16 @@
|
|||
if (DB::isError($db))
|
||||
die($db->getMessage());
|
||||
|
||||
if (!empty($_GET['dump']))
|
||||
// Show XML dump
|
||||
if (!empty($_GET['dump']) && !empty($_GET['type']))
|
||||
{
|
||||
$query = "SELECT identity_dump FROM users WHERE user_id='" . $_GET['dump'] . "'";
|
||||
|
||||
$query = "SELECT " . ($_GET['type'] == 'user' ? 'user' : 'session') .
|
||||
$query .= "_dump FROM users WHERE user_id='" . $_GET['dump'] . "'";
|
||||
$res =& $db->query($query);
|
||||
if (DB::isError($res))
|
||||
print $res->getMessage(). "\n";
|
||||
die($res->getMessage());
|
||||
|
||||
$row = $res->fetchRow();
|
||||
?>
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
|
||||
|
@ -44,7 +48,7 @@
|
|||
<html>
|
||||
<body>
|
||||
<table>
|
||||
<caption>Identity Dump</caption>
|
||||
<caption><?php echo ($_GET['type'] == 'user' ? 'Identity' : 'Session'); ?> Dump</caption>
|
||||
<tr>
|
||||
<td>
|
||||
<textarea rows="15" cols="50"><?php echo htmlentities($row[0], ENT_QUOTES); ?></textarea>
|
||||
|
@ -86,6 +90,7 @@
|
|||
<html>
|
||||
<head>
|
||||
<title>Lasso Service Provider Example : Users Management</title>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-15" />
|
||||
<script language="JavaScript" type="text/javascript">
|
||||
<!--
|
||||
|
||||
|
@ -146,10 +151,12 @@
|
|||
<?php
|
||||
switch ($tableinfo[$i]['name'])
|
||||
{
|
||||
case "identity_dump":
|
||||
echo "<a href=javascript:openpopup('". $PHP_SELF . '?dump=' . $row[0] . "')>view</a>";
|
||||
case "user_dump":
|
||||
echo "<a href=javascript:openpopup('". $PHP_SELF . '?dump=' . $row[0] . "&type=user')>view</a>";
|
||||
break;
|
||||
case "session_dump":
|
||||
echo "<a href=javascript:openpopup('". $PHP_SELF . '?dump=' . $row[0] . "&type=session')>view</a>";
|
||||
break;
|
||||
|
||||
default:
|
||||
echo (empty($row[$i])) ? " " : $row[$i];
|
||||
}
|
||||
|
|
|
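Review bot: The rebuilt dump query still splices `$_GET['dump']` into the SQL string unquoted (`$query .= "_dump FROM users WHERE user_id='" . $_GET['dump'] . "'";`), while login.php in the same commit goes through `$db->quoteSmart()`; the popup needs no login, so this is a direct SQL injection into the users table. Suggest `$column = ($_GET['type'] == 'user') ? 'user_dump' : 'session_dump';` followed by `$query = "SELECT $column FROM users WHERE user_id=" . $db->quoteSmart($_GET['dump']);`. If the line ending in a trailing `.` and the following `$query .= ...` line are both on the new side, they also read as one malformed statement, which is worth re-checking once the gutter is visible. In the table hunk the new `view` links echo `$PHP_SELF` and `$row[0]` into an unquoted `href` without the `htmlentities(..., ENT_QUOTES)` the same file already applies to the textarea; escaping both and quoting the attribute closes the usual reflected-XSS route through `$PHP_SELF`.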
@ -0,0 +1,134 @@
|
|||
<?php
|
||||
/*
|
||||
* Identity Provider Example -- Form for creating Service Provider Metadata
|
||||
*
|
||||
* Copyright (C) 2004 Entr'ouvert
|
||||
* http://lasso.entrouvert.org
|
||||
*
|
||||
* Authors: Christophe Nowicki <cnowicki@easter-eggs.com>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
*/
|
||||
|
||||
require_once 'HTML/QuickForm.php';
|
||||
|
||||
$form = new HTML_QuickForm('frm');
|
||||
|
||||
$form->setDefaults(array(
|
||||
'providerID' => 'https://',
|
||||
'AssertionConsumerService' => 'https://',
|
||||
'SoapEndpoint' => 'https://',
|
||||
'SingleLogoutService' => 'https://',
|
||||
'RegisterNameIdentifierService' => 'https://',
|
||||
'AuthnRequestsSigned' => 1,
|
||||
'filename' => getcwd().'/metadata.xml'
|
||||
));
|
||||
|
||||
$form->addElement('header', null, 'Create Liberty Alliance Metadata for an Service Provider');
|
||||
$form->addElement('text', 'providerID', 'providerID:', array('size' => 60, 'maxlength' => 255));
|
||||
|
||||
$form->addElement('text', 'AssertionConsumerService', 'AssertionConsumerService:', array('size' => 60, 'maxlength' => 255));
|
||||
|
||||
$form->addElement('text', 'SingleLogoutService', 'SingleLogoutService:', array('size' => 60, 'maxlength' => 255));
|
||||
$form->addElement('select', 'SingleLogoutProtocolProfile', 'SingleLogoutProtocolProfile:', array('http://projectliberty.org/profiles/slo-idp-soap'));
|
||||
|
||||
$form->addElement('text', 'RegisterNameIdentifierService', 'RegisterNameIdentifierService:', array('size' => 60, 'maxlength' => 255));
|
||||
$form->addElement('select', 'RegisterNameIdentifierProtocolProfile', 'RegisterNameIdentifierProtocolProfile:', array('http://projectliberty.org/profiles/rni-sp-soap'));
|
||||
|
||||
$form->addElement('text', 'SoapEndpoint', 'SoapEndpoint:', array('size' => 60, 'maxlength' => 255));
|
||||
$form->addElement('checkbox', 'AuthnRequestsSigned', 'Authn Requests must be signed? :', '');
|
||||
|
||||
$form->addElement('textarea', 'metadata', 'Metadata:', array('cols' => 60, 'rows' => 15));
|
||||
$form->addElement('text', 'filename', 'Filename:', array('size' => 60, 'maxlength' => 255));
|
||||
|
||||
$button[] = &HTML_QuickForm::createElement('button', null, 'Preview', array('onclick' => "write_metadata_preview();"));
|
||||
$button[] = &HTML_QuickForm::createElement('submit', null, 'Write Metadata');
|
||||
|
||||
$form->addGroup($button, null, null, ' ', false);
|
||||
|
||||
if ($form->validate()) {
|
||||
|
||||
$xml = "<?xml version=\"1.0\"?>
|
||||
<EntityDescriptor providerID=\"". $form->exportValue('providerID') ."\" xmlns=\"urn:liberty:metadata:2003-08\">
|
||||
<SPDescriptor>
|
||||
<AssertionConsumerServiceURL id=\"AssertionConsumerServiceURL1\" isDefault=\"true\">" . $form->exportValue('AssertionConsumerService') . "</AssertionConsumerServiceURL>\n
|
||||
<SingleLogoutServiceURL>" . $form->exportValue('SingleLogoutService') . "</SingleLogoutServiceURL>
|
||||
<SingleLogoutProtocolProfile>" . $form->exportValue('SingleLogoutProtocolProfile') . "</SingleLogoutProtocolProfile>\n
|
||||
<RegisterNameIdentifierServiceURL>" . $form->exportValue('RegisterNameIdentifierService') . "</RegisterNameIdentifierServiceURL>
|
||||
<RegisterNameIdentifierProtocolProfile>" . $form->exportValue('RegisterNameIdentifierProtocolProfile') . "</RegisterNameIdentifierProtocolProfile>\n
|
||||
<SoapEndpoint>" . $form->exportValue('SoapEndpoint') . "</SoapEndpoint>\n
|
||||
<AuthnRequestsSigned>" . (($form->exportValue('AuthnRequestsSigned')) ? 'true' : 'false') . "</AuthnRequestsSigned>
|
||||
</SPDescriptor>
|
||||
</EntityDescriptor>";
|
||||
|
||||
|
||||
if (($fd = fopen($form->exportValue('filename'), "w")))
|
||||
{
|
||||
fwrite($fd, $xml);
|
||||
fclose($fd);
|
||||
}
|
||||
else
|
||||
die("Could not write metadata file :" . $form->exportValue('filename'));
|
||||
?>
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
||||
<html>
|
||||
<head>
|
||||
<body onLoad="window.close()">
|
||||
</body>
|
||||
</html>
|
||||
<?php
|
||||
exit;
|
||||
}
|
||||
?>
|
||||
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
||||
<html>
|
||||
<head>
|
||||
<script language="JavaScript" type="text/javascript">
|
||||
<!--
|
||||
|
||||
function write_metadata_preview(popurl)
|
||||
{
|
||||
frm = document.frm;
|
||||
|
||||
frm.metadata.value =
|
||||
'<\?xml version=\"1.0\"\?>\n' +
|
||||
'<EntityDescriptor\n' +
|
||||
'providerID="' + frm.providerID.value + '\"\n' +
|
||||
'xmlns=\"urn:liberty:metadata:2003-08\">\n' +
|
||||
'<SPDescriptor>\n' +
|
||||
'<AssertionConsumerServiceURL id=\"AssertionConsumerServiceURL1\" isDefault=\"true\">' +
|
||||
frm.AssertionConsumerService.value + '</AssertionConsumerServiceURL>\n' +
|
||||
'<SingleLogoutServiceURL>' + frm.SingleLogoutService.value + '</SingleLogoutServiceURL>\n' +
|
||||
'<SingleLogoutProtocolProfile>' + frm.SingleLogoutProtocolProfile.options[frm.SingleLogoutProtocolProfile.value].text + '</SingleLogoutProtocolProfile>\n' +
|
||||
'<RegisterNameIdentifierServiceURL>' + frm.RegisterNameIdentifierService.value + '</RegisterNameIdentifierServiceURL>\n' +
|
||||
'<RegisterNameIdentifierProtocolProfile>' + frm.RegisterNameIdentifierProtocolProfile.options[frm.RegisterNameIdentifierProtocolProfile.value].text + '</RegisterNameIdentifierProtocolProfile>\n' +
|
||||
'<SoapEndpoint>' + frm.SoapEndpoint.value + '</SoapEndpoint>\n' +
|
||||
'<AuthnRequestsSigned>' + ((frm.AuthnRequestsSigned.value) ? 'true' : 'false') + '</AuthnRequestsSigned>\n' +
|
||||
'</SPDescriptor>\n' +
|
||||
'</EntityDescriptor>';
|
||||
}
|
||||
//-->
|
||||
</script>
|
||||
</head>
|
||||
<body>
|
||||
<?php
|
||||
$form->display();
|
||||
?>
|
||||
<br>
|
||||
<p>Copyright © 2004 Entr'ouvert</p>
|
||||
</body>
|
||||
</html>
|
|
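Review bot: The posted `filename` goes straight to `fopen($form->exportValue('filename'), "w")`, so the generated XML can be written to any path the web-server user can reach, and unlike federate.php/defederate.php this script never checks `$_SESSION['user_id']`; the form also has no `addRule()` calls, so `validate()` passes on any submission. Suggest opening with the same `session_start(); if (!isset($_SESSION['user_id'])) die("User is not logged in!\n");` guard and pinning the destination to one directory, e.g. `$target = getcwd() . '/' . basename($form->exportValue('filename'));` used in place of the raw value at the `fopen` and in the `die()` message. Each `exportValue()` is also concatenated into the XML unescaped, so a quote in `providerID` breaks the `EntityDescriptor` attribute; wrapping them in `htmlspecialchars(..., ENT_QUOTES)` keeps the document well-formed. In the JavaScript preview, `frm.AuthnRequestsSigned.value` is the checkbox's value attribute rather than its state, so the ternary should test `frm.AuthnRequestsSigned.checked`.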
@ -0,0 +1,32 @@
|
|||
<?php
|
||||
/*
|
||||
* Identity Provider Example -- Destroy Federation
|
||||
*
|
||||
* Copyright (C) 2004 Entr'ouvert
|
||||
* http://lasso.entrouvert.org
|
||||
*
|
||||
* Authors: Christophe Nowicki <cnowicki@easter-eggs.com>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
*/
|
||||
|
||||
session_start();
|
||||
|
||||
if (!isset($_SESSION['user_id']))
|
||||
{
|
||||
die("User is not logged in!\n");
|
||||
}
|
||||
|
||||
?>
|
|
@ -0,0 +1,32 @@
|
|||
<?php
|
||||
/*
|
||||
* Identity Provider Example -- Create Federation
|
||||
*
|
||||
* Copyright (C) 2004 Entr'ouvert
|
||||
* http://lasso.entrouvert.org
|
||||
*
|
||||
* Authors: Christophe Nowicki <cnowicki@easter-eggs.com>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
*/
|
||||
|
||||
session_start();
|
||||
|
||||
if (!isset($_SESSION['user_id']))
|
||||
{
|
||||
die("User is not logged in!\n");
|
||||
}
|
||||
|
||||
?>
|
|
@ -52,13 +52,9 @@ You can get more informations about <b>Lasso</b> at <br>
|
|||
|
||||
require_once 'DB.php';
|
||||
|
||||
if (!empty($_GET['SID']))
|
||||
session_start($_GET['SID']);
|
||||
else
|
||||
session_start();
|
||||
session_start();
|
||||
|
||||
lasso_init();
|
||||
|
||||
?>
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
|
||||
|
@ -82,12 +78,53 @@ You can get more informations about <b>Lasso</b> at <br>
|
|||
<tr>
|
||||
<td><b>Identity Provider Fonctionnality</b></td>
|
||||
</tr>
|
||||
<?php
|
||||
if (!isset($_SESSION["user_id"])) {
|
||||
?>
|
||||
<tr>
|
||||
<td><a href="login.php">Login</a></td>
|
||||
<td><a href="login.php">Local Login</a></td>
|
||||
</tr>
|
||||
<?php } else { ?>
|
||||
<tr>
|
||||
<td><a href="federate.php">Create federation</a></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><a href="defederate.php">Destroy federation</a></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><a href="logout.php">Local Logout</a></td>
|
||||
</tr>
|
||||
<?php } ?>
|
||||
</table>
|
||||
</p>
|
||||
<!-- <p>Lasso Version : <?php // echo lasso_version(); ?></p> -->
|
||||
|
||||
<p>
|
||||
<table border="1" frame="above">
|
||||
<caption><b>Status</b></caption>
|
||||
<tr>
|
||||
<?php
|
||||
if (!isset($_SESSION["user_id"]))
|
||||
{
|
||||
echo "<td>User is <b>not</b> logged in!</td>";
|
||||
}
|
||||
else
|
||||
{
|
||||
?>
|
||||
<td colspan='2' align="center">User <b>is</b> logged in!</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><b>UserID:</b></td><td><?php echo $_SESSION["user_id"]; ?></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><b>User Name:</b></td><td><?php echo $_SESSION["username"]; ?></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><b>PHP Session ID:</b></td><td><?php echo session_id(); ?></td>
|
||||
</tr>
|
||||
<?php
|
||||
}
|
||||
?>
|
||||
</table>
|
||||
|
||||
<br>
|
||||
<p>Copyright © 2004 Entr'ouvert</p>
|
||||
|
|
|
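Review bot: `$_SESSION["username"]` is echoed into the status table unescaped (`<td><b>User Name:</b></td><td><?php echo $_SESSION["username"]; ?></td>`); login.php stores the raw form value there, so a username containing markup is rendered as HTML on this page for that user. Use the escaping the dump popup already relies on, `<?php echo htmlentities($_SESSION["username"], ENT_QUOTES); ?>`, and the same for the `user_id` cell. Printing `session_id()` into the page body also exposes the session cookie value to anything that can read the DOM; I would drop that row outside of debugging.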
@ -23,18 +23,53 @@
|
|||
*/
|
||||
$config = unserialize(file_get_contents('config.inc'));
|
||||
|
||||
require_once 'DB.php';
|
||||
require_once 'HTML/QuickForm.php';
|
||||
require_once 'DB.php';
|
||||
|
||||
|
||||
$form = new HTML_QuickForm('frm');
|
||||
|
||||
$form->addElement('header', null, 'Login on the Lasso Identity Provider Example');
|
||||
|
||||
$form->addElement('text', 'username', 'Username:', array('size' => 50, 'maxlength' => 255));
|
||||
$form->addElement('password', 'password', 'Password:', array('size' => 50, 'maxlength' => 255));
|
||||
$form->addElement('submit', null, 'Ok');
|
||||
|
||||
$form->addRule('username', 'Please enter the Username', 'required', null, 'client');
|
||||
$form->addRule('password', 'Please enter the Password', 'required', null, 'client');
|
||||
|
||||
if ($form->validate())
|
||||
{
|
||||
$config = unserialize(file_get_contents('config.inc'));
|
||||
|
||||
$db = &DB::connect($config['dsn']);
|
||||
|
||||
if (DB::isError($db))
|
||||
die($db->getMessage());
|
||||
|
||||
$query = "SELECT user_id FROM users WHERE username=" . $db->quoteSmart($form->exportValue('username'));
|
||||
$query .= " AND password=" . $db->quoteSmart($form->exportValue('password'));;
|
||||
|
||||
$res =& $db->query($query);
|
||||
if (DB::isError($res))
|
||||
die($res->getMessage());
|
||||
|
||||
$db->disconnect();
|
||||
|
||||
if ($res->numRows())
|
||||
{
|
||||
$row = $res->fetchRow();
|
||||
session_start();
|
||||
$_SESSION['user_id'] = $row[0];
|
||||
$_SESSION['username'] = $form->exportValue('username');
|
||||
|
||||
$url = 'index.php';
|
||||
header("Request-URI: $url");
|
||||
header("Content-Location: $url");
|
||||
header("Location: $url");
|
||||
exit;
|
||||
}
|
||||
}
|
||||
?>
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
||||
|
|
|
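Review bot: The new query compares the submitted password against the `password` column inside SQL (`$query .= " AND password=" . $db->quoteSmart($form->exportValue('password'));;`), which only works if passwords are stored in cleartext; fetch the stored value by username and verify a salted hash in PHP instead (`password_verify()` where PHP 5.5+ is available), and drop the doubled `;;`. After a successful login the code calls `session_start()` and writes `user_id` into the pre-existing session without rotating its id, so an id handed to the browser before authentication stays valid afterwards; add `session_regenerate_id();` right after that `session_start()`. `$db->disconnect()` is also issued before `$res->numRows()` and `$res->fetchRow()` are read, so I would move it after the result has been consumed in case the driver ties the result set to the connection.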
@ -0,0 +1,36 @@
|
|||
<?php
|
||||
/*
|
||||
* Identity Provider Example -- Local Logout
|
||||
*
|
||||
* Copyright (C) 2004 Entr'ouvert
|
||||
* http://lasso.entrouvert.org
|
||||
*
|
||||
* Authors: Christophe Nowicki <cnowicki@easter-eggs.com>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
*/
|
||||
|
||||
session_start();
|
||||
|
||||
# Destroy The PHP Session
|
||||
$_SESSION = array();
|
||||
|
||||
session_destroy();
|
||||
|
||||
$url = "index.php";
|
||||
header("Request-URI: $url");
|
||||
header("Content-Location: $url");
|
||||
header("Location: $url");
|
||||
?>
|
|
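Review bot: `session_destroy()` discards the server-side data but leaves the session cookie on the client, so the browser keeps presenting the old id after logout. When cookies carry the id, also expire it before the redirect, `setcookie(session_name(), '', time() - 42000, '/');`, as the PHP manual's logout example does. Adding `exit;` after the final `header("Location: $url");` also makes it explicit that nothing further is emitted.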
@ -363,6 +363,15 @@
|
|||
<head>
|
||||
<title>Setup script for Lasso (Liberty Alliance Single Sign On)</title>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-15" />
|
||||
<script language="JavaScript" type="text/javascript">
|
||||
<!--
|
||||
|
||||
function openpopup(popurl)
|
||||
{
|
||||
var winpops=window.open(popurl,"","width=600,height=400")
|
||||
}
|
||||
//-->
|
||||
</script>
|
||||
</head>
|
||||
<body>
|
||||
<form name='frm' action='<?php echo $PHP_SELF ?>' method='POST'>
|
||||
|
@ -447,7 +456,8 @@
|
|||
</tr>
|
||||
|
||||
<tr>
|
||||
<td>Metadata</td><td><input type='text' name='metadata' size='50'></td><td> </td>
|
||||
<td>Metadata</td><td><input type='text' name='metadata' size='50'></td>
|
||||
<td><a href="javascript:openpopup('create_metadata.php')">Create Metadata</a></td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
|
@ -471,6 +481,8 @@
|
|||
<input type='submit' name='setup' value='setup'>
|
||||
</p>
|
||||
</form>
|
||||
<br>
|
||||
<p>Copyright © 2004 Entr'ouvert</p>
|
||||
</body>
|
||||
</html>
|
||||
<?php
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
<?php
|
||||
/*
|
||||
*
|
||||
* Identity Provider Example -- Setup
|
||||
* Identity Provider Example -- Single Sing On
|
||||
*
|
||||
* Copyright (C) 2004 Entr'ouvert
|
||||
* http://lasso.entrouvert.org
|
||||
|
@ -22,35 +21,191 @@
|
|||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
*/
|
||||
|
||||
if (empty($_POST) && empty($_GET))
|
||||
{
|
||||
die("Unknow login methode!");
|
||||
}
|
||||
$methode = empty($_POST) ? 'GET' : 'POST';
|
||||
|
||||
require_once 'HTML/QuickForm.php';
|
||||
require_once 'DB.php';
|
||||
|
||||
$config = unserialize(file_get_contents('config.inc'));
|
||||
|
||||
lasso_init();
|
||||
session_start();
|
||||
|
||||
$server_dump = file_get_contents($config['server_dump_filename']);
|
||||
// Create the form
|
||||
$form = new HTML_QuickForm('frm');
|
||||
|
||||
$form->addElement('header', null, 'Single Sing On Login');
|
||||
|
||||
$form->addElement('text', 'username', 'Username:', array('size' => 50, 'maxlength' => 255));
|
||||
$form->addElement('password', 'password', 'Password:', array('size' => 50, 'maxlength' => 255));
|
||||
$form->addElement('submit', null, 'Ok');
|
||||
|
||||
$server = LassoServer::newfromdump($server_dump);
|
||||
$form->addRule('username', 'Please enter the Username', 'required', null, 'client');
|
||||
$form->addRule('password', 'Please enter the Password', 'required', null, 'client');
|
||||
|
||||
$login = new LassoLogin($server);
|
||||
|
||||
if ($methode = 'GET')
|
||||
// Login dump is not available, show the login form
|
||||
if (!isset($_SESSION['login_dump']) && !$form->validate())
|
||||
{
|
||||
print $_SERVER['QUERY_STRING'];
|
||||
$login->initFromAuthnRequestMsg($_SERVER['QUERY_STRING'], lassoHttpMethodRedirect);
|
||||
print "ici";
|
||||
}
|
||||
else
|
||||
{
|
||||
// TODO
|
||||
// Check for AuthnRequest
|
||||
if (empty($_POST) && empty($_GET))
|
||||
{
|
||||
die("Unknow login methode!");
|
||||
}
|
||||
|
||||
lasso_init();
|
||||
|
||||
$server_dump = file_get_contents($config['server_dump_filename']);
|
||||
|
||||
$server = LassoServer::newfromdump($server_dump);
|
||||
|
||||
$login = new LassoLogin($server);
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] = 'GET')
|
||||
$login->initFromAuthnRequestMsg($_SERVER['QUERY_STRING'], lassoHttpMethodRedirect);
|
||||
else
|
||||
{
|
||||
// TODO
|
||||
exit;
|
||||
}
|
||||
|
||||
// User must NOT Authenticate with the IdP
|
||||
if (!$login->mustAuthenticate())
|
||||
{
|
||||
// TODO
|
||||
exit;
|
||||
}
|
||||
|
||||
$login_dump = $login->dump();
|
||||
|
||||
$_SESSION['login_dump'] = $login->dump();
|
||||
|
||||
lasso_shutdown();
|
||||
}
|
||||
|
||||
|
||||
|
||||
if (isset($_SESSION['login_dump']) && $form->validate())
|
||||
{
|
||||
$db = &DB::connect($config['dsn']);
|
||||
|
||||
//echo $methode;
|
||||
//echo $_SERVER['QUERY_STRING'];
|
||||
if (DB::isError($db))
|
||||
die($db->getMessage());
|
||||
|
||||
$query = "SELECT user_id FROM users WHERE username=" . $db->quoteSmart($form->exportValue('username'));
|
||||
$query .= " AND password=" . $db->quoteSmart($form->exportValue('password'));;
|
||||
|
||||
$res =& $db->query($query);
|
||||
if (DB::isError($res))
|
||||
die($res->getMessage());
|
||||
|
||||
if ($res->numRows())
|
||||
{
|
||||
// Get user_id from users
|
||||
$row = $res->fetchRow();
|
||||
$user_id = $row[0];
|
||||
|
||||
$server_dump = file_get_contents($config['server_dump_filename']);
|
||||
|
||||
lasso_init();
|
||||
|
||||
$server = LassoServer::newfromdump($server_dump);
|
||||
|
||||
$login = LassoLogin::newfromdump($server, $_SESSION['login_dump']);
|
||||
|
||||
$authenticationMethod = (($_SERVER["HTTPS"] == 'on') ? lassoSamlAuthenticationMethodSecureRemotePassword : lassoSamlAuthenticationMethodPassword);
|
||||
|
||||
if ($login->protocolProfile == lassoLoginProtocolProfileBrwsArt)
|
||||
{
|
||||
$login->buildArtifactMsg(
|
||||
TRUE, // User is authenticated
|
||||
$authenticationMethod,
|
||||
"2005-05-03T16:12:00Z", # FIXME: reauthenticateOnOrAfter
|
||||
lassoHttpMethodRedirect);
|
||||
}
|
||||
else if ($login->protocolProfile == lassoLoginProtocolProfileBrwsPost)
|
||||
{
|
||||
// TODO
|
||||
print "TODO : Post\n";
|
||||
exit();
|
||||
}
|
||||
else
|
||||
die("Unknown protocol profile for login:" . $login->protocolProfile);
|
||||
|
||||
if ($login->isIdentityDirty)
|
||||
{
|
||||
// TODO
|
||||
// print "isIdentityDirty yes";
|
||||
}
|
||||
|
||||
// Get name identifier
|
||||
$query = "SELECT name_identifier FROM nameidentifiers WHERE user_id='$user_id'";
|
||||
$res =& $db->query($query);
|
||||
if (DB::isError($res))
|
||||
die($res->getMessage());
|
||||
|
||||
// Save name identifier
|
||||
if (!$res->numRows())
|
||||
{
|
||||
$query = "INSERT INTO nameidentifiers (name_identifier, user_id) ";
|
||||
$query .= "VALUES ('" . $login->nameIdentifier . "','$user_id')";
|
||||
$res =& $db->query($query);
|
||||
if (DB::isError($res))
|
||||
die($res->getMessage());
|
||||
$name_identifier = $login->nameIdentifier;
|
||||
}
|
||||
else
|
||||
{
|
||||
$row = $res->fetchRow();
|
||||
$name_identifier = $row[0];
|
||||
}
|
||||
|
||||
// Update identity dump
|
||||
$identity = $login->identity;
|
||||
$query = "UPDATE users SET user_dump=".$db->quoteSmart($identity->dump())." WHERE user_id='$user_id'";
|
||||
|
||||
$res =& $db->query($query);
|
||||
if (DB::isError($res))
|
||||
die($res->getMessage());
|
||||
|
||||
// Update session dump
|
||||
$session = $login->session;
|
||||
$query = "UPDATE users SET session_dump=".$db->quoteSmart($session->dump())." WHERE user_id='$user_id'";
|
||||
|
||||
$res =& $db->query($query);
|
||||
if (DB::isError($res))
|
||||
die($res->getMessage());
|
||||
|
||||
// Save assertion
|
||||
$query = "INSERT INTO assertions (assertion, response_dump) VALUES ('" . $login->assertionArtifact;
|
||||
$query .= "', '" . $login->responseDump . "')";
|
||||
|
||||
$res =& $db->query($query);
|
||||
if (DB::isError($res))
|
||||
die($res->getMessage());
|
||||
|
||||
if ($login->protocolProfile == lassoLoginProtocolProfileBrwsArt)
|
||||
{
|
||||
$artifact = $login->assertionArtifact;
|
||||
$response_msg = $login->responseDump;
|
||||
$url = $login->msgUrl;
|
||||
|
||||
header("Request-URI: $url");
|
||||
header("Content-Location: $url");
|
||||
header("Location: $url");
|
||||
}
|
||||
else if ($login->protocolProfile == lassoLoginProtocolProfileBrwsPost)
|
||||
{
|
||||
}
|
||||
|
||||
lasso_shutdown();
|
||||
exit();
|
||||
}
|
||||
}
|
||||
?>
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
||||
<html>
|
||||
<body>
|
||||
<?php
|
||||
$form->display();
|
||||
?>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
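Review bot: `if ($_SERVER['REQUEST_METHOD'] = 'GET')` uses assignment rather than comparison, so the condition is always true and the `else` branch with its TODO can never run; it should read `if ($_SERVER['REQUEST_METHOD'] == 'GET')`. Further down, the assertion insert splices `$login->assertionArtifact` and `$login->responseDump` into the SQL unquoted (`$query .= "', '" . $login->responseDump . "')";`) while the neighbouring `UPDATE users` statements use `$db->quoteSmart()`; the response dump is XML derived from the SP's request, so this is both a quoting bug and an injection path, and the `INSERT INTO nameidentifiers` line has the same shape. Suggest `$query = "INSERT INTO assertions (assertion, response_dump) VALUES (" . $db->quoteSmart($login->assertionArtifact) . ", " . $db->quoteSmart($login->responseDump) . ")";`. `$_SERVER["HTTPS"] == 'on'` raises an undefined-index notice on plain HTTP (`!empty($_SERVER['HTTPS'])` is the usual test), and `lassoSamlAuthenticationMethodSecureRemotePassword` names the SRP protocol rather than a password sent over TLS, so if the intent is only "password over HTTPS" the plain password method is, as far as I can tell, the accurate claim to put in the assertion.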
@ -22,4 +22,70 @@
|
|||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
*/
|
||||
require_once 'DB.php';
|
||||
|
||||
header("Content-Type: text/xml\r\n");
|
||||
|
||||
if (empty($HTTP_RAW_POST_DATA))
|
||||
die("HTTP_RAW_POST_DATA is empty!");
|
||||
|
||||
$config = unserialize(file_get_contents('config.inc'));
|
||||
|
||||
$server_dump = file_get_contents($config['server_dump_filename']);
|
||||
|
||||
lasso_init();
|
||||
|
||||
$requestype = lasso_getRequestTypeFromSoapMsg($HTTP_RAW_POST_DATA);
|
||||
$server = LassoServer::newfromdump($server_dump);
|
||||
|
||||
$db = &DB::connect($config['dsn']);
|
||||
|
||||
if (DB::isError($db))
|
||||
die($db->getMessage());
|
||||
|
||||
switch ($requestype)
|
||||
{
|
||||
// Login
|
||||
case lassoRequestTypeLogin:
|
||||
$login = new LassoLogin($server);
|
||||
$login->processRequestMsg($HTTP_RAW_POST_DATA);
|
||||
$artifact = $login->assertionArtifact;
|
||||
|
||||
$query = "SELECT response_dump FROM assertions WHERE assertion='";
|
||||
$query .= $artifact ."'";
|
||||
|
||||
$res =& $db->query($query);
|
||||
if (DB::isError($res))
|
||||
die($res->getMessage());
|
||||
|
||||
// Good Artifact, send reponse_dump
|
||||
if ($res->numRows())
|
||||
{
|
||||
$row = $res->fetchRow();
|
||||
|
||||
$query = "DELETE FROM assertions WHERE assertion='" . $artifact . "'";
|
||||
|
||||
$res =& $db->query($query);
|
||||
if (DB::isError($res))
|
||||
die($res->getMessage());
|
||||
header("Content-Length: " . strlen($row[0]) . "\r\n");
|
||||
echo $row[0];
|
||||
}
|
||||
else
|
||||
{
|
||||
// Wrong Artifact
|
||||
header("HTTP/1.0 403 Forbidden");
|
||||
header("Content-Length: 0\r\n");
|
||||
exit;
|
||||
}
|
||||
break;
|
||||
case lassoRequestTypeLogout:
|
||||
break;
|
||||
case lassoRequestTypeDefederation:
|
||||
break;
|
||||
default:
|
||||
die("Unkown request type!");
|
||||
}
|
||||
|
||||
lasso_shutdown();
|
||||
?>
|
||||
|
|
|
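Review bot: The artifact extracted from the incoming SOAP message is concatenated into the lookup and delete statements unquoted (`$query .= $artifact ."'";` and `"DELETE FROM assertions WHERE assertion='" . $artifact . "'"`); it arrives from the remote service provider, so this endpoint is injectable by anyone able to post to it. Use the helper the rest of the commit uses, `$query = "SELECT response_dump FROM assertions WHERE assertion=" . $db->quoteSmart($artifact);`, and likewise for the `DELETE`. The result of `$login->processRequestMsg($HTTP_RAW_POST_DATA)` is never checked, so a malformed message proceeds with whatever `assertionArtifact` then holds; rejecting an error return before touching the database would be safer. The `\r\n` appended to the `Content-Type` and `Content-Length` header strings is redundant, since `header()` terminates the line itself, and newer PHP versions refuse header values that contain line breaks.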
@ -73,5 +73,7 @@
|
|||
<?php
|
||||
$form->display();
|
||||
?>
|
||||
<br>
|
||||
<p>Copyright © 2004 Entr'ouvert</p>
|
||||
</body>
|
||||
</html>
|
||||
|
|